
Re: [Xen-devel] Is there an issue with turning off "scrubbing free RAM" on boot with Xen 4.1.3



On Mon, 2013-11-11 at 10:33 +0000, Jan Beulich wrote:
> >>> On 11.11.13 at 11:14, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> > On Sun, 2013-11-10 at 14:25 -0800, Matt Wilson wrote:
> >> On Thu, Oct 10, 2013 at 10:42:14AM +0100, Andrew Cooper wrote:
> >> > In the Xen model, domains are responsible for clearing any sensitive
> >> > data they have out of memory before shutdown.
> >> 
> >> This isn't strictly true. Memory is scrubbed by Xen when the domain
> >> cannot do it for itself (i.e., when a domain is dying during
> >> shutdown).
> > 
> > Isn't this only when the domain is killed by the toolstack or crashes,
> > etc.? On a graceful shutdown I thought the guest was still responsible
> > for clearing any memory it cared about.
> 
> No, the scrubbing is independent of the shutdown reason:
> 
>         /*
>          * Normally we expect a domain to clear pages before freeing them, if 
>          * it cares about the secrecy of their contents. However, after a 
>          * domain has died we assume responsibility for erasure.
>          */
>         if ( unlikely(d->is_dying) )
>             for ( i = 0; i < (1 << order); i++ )
>                 scrub_one_page(&pg[i]);

My mistake, thanks for the correction.

This does seem safer/wiser in any case...

Ian.
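
The behaviour discussed in this message, as an added example that is not part of the original post and is not Xen source: a toy page heap whose free path scrubs only when the owning domain is dying, as in the quoted check. `heap`, `alloc_page`, `free_pages`, `residue_after_free` and the secret string are hypothetical names and constructed data; the model covers only scrub-on-free and ignores any other scrubbing the hypervisor does.

```c
/* Added example: toy model of the free path, not Xen source. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define PAGE_SIZE 4096
#define NR_PAGES  4
static const char SECRET[] = "constructed-sample-key";   /* constructed data */
struct page   { unsigned char data[PAGE_SIZE]; bool in_use; };
struct domain { bool is_dying; };
static struct page heap[NR_PAGES];

/* Hypothetical stand-in for the scrub_one_page() named in the quote. */
static void scrub_one_page(struct page *pg) { memset(pg->data, 0, PAGE_SIZE); }

/* Hand out the first free page; contents are NOT cleared on allocation. */
static struct page *alloc_page(void)
{
    for (size_t i = 0; i < NR_PAGES; i++)
        if (!heap[i].in_use) { heap[i].in_use = true; return &heap[i]; }
    return NULL;
}

/* Same shape as the quoted check: scrub on free only for a dying domain. */
static void free_pages(const struct domain *d, struct page *pg, unsigned order)
{
    for (size_t i = 0; i < ((size_t)1 << order); i++) {
        if (d->is_dying)
            scrub_one_page(&pg[i]);
        pg[i].in_use = false;
    }
}

/* Bytes of SECRET the next owner of the freed page can still read. */
static size_t residue_after_free(bool is_dying, bool guest_clears_first)
{
    const struct domain d = { .is_dying = is_dying }, reaper = { .is_dying = true };
    struct page *pg = alloc_page();
    memcpy(pg->data, SECRET, sizeof SECRET);
    if (guest_clears_first)
        memset(pg->data, 0, PAGE_SIZE);       /* guest wipes before freeing */
    free_pages(&d, pg, 0);
    struct page *next = alloc_page();         /* same page, new owner */
    size_t left = 0;
    for (size_t i = 0; i < sizeof SECRET - 1; i++)
        left += (next->data[i] == (unsigned char)SECRET[i]);
    free_pages(&reaper, next, 0);             /* reset the toy heap */
    return left;
}

int main(void) { return residue_after_free(true, false) != 0; }
```

In this model, a page freed by a live domain that did not clear it reaches the next owner with the secret intact, while a page freed on behalf of a dying domain does not.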



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

